
Some example proofs

In document Type Theory & Functional Programming (Page 105-109)

4.6 Quantifiers

4.6.1 Some example proofs

In this section we present three examples of the use of the quantifier rules. First we examine a standard result from the logic of the universal quantifier. Let us assume that

r : (∀x:A).(B⇒C)

and that

p : (∀x:A). B

(Recall that in general the variable x will be free in B and C.) We aim to prove the formula (∀x:A). C, that is, to construct an element of this type. First, instantiating both hypotheses using the assumption x:A we have

$$\dfrac{x:A \qquad r : (\forall x:A).(B \Rightarrow C)}{r\,x : B \Rightarrow C}\ (\forall E)$$

and

$$\dfrac{x:A \qquad p : (\forall x:A).\,B}{p\,x : B}\ (\forall E)$$

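Putting the two together, eliminating the implication and eliminating the assumption x:A by a ∀ introduction, we have

$$
\dfrac{
  \dfrac{
    \begin{array}{c} [x:A]^1 \\ r : (\forall x:A).(B \Rightarrow C) \\ \vdots \\ r\,x : B \Rightarrow C \end{array}
    \qquad
    \begin{array}{c} [x:A]^1 \\ p : (\forall x:A).\,B \\ \vdots \\ p\,x : B \end{array}
  }{(r\,x)(p\,x) : C}\ (\Rightarrow E)
}{(\lambda x:A).((r\,x)(p\,x)) : (\forall x:A).\,C}\ (\forall I)_1
$$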

In the proof above the assumptions of the two hypothetical proofs are listed one above the other, rather than next to each other; this makes the representation of the derivation easier to read. If we now abstract over both the hypotheses (and omit the typings on the variables) we have

λr.λp.λx.(r x)(p x)

which is of type

(∀x:A).(B ⇒C)⇒(∀x:A). B⇒(∀x:A). C

if we choose to omit the type annotations on the variables. This function is familiar to functional programmers as the S combinator, as well as proving the formula

(A⇒(B ⇒C))⇒(A⇒B)⇒(A⇒C)

in the case that B and C do not involve the variable x.

Next we prove the equivalence between the following pair of formulae

((∃x:X). P)⇒Q

(∀x:X).(P ⇒Q)

in the case that x is not free in Q. (It is not valid in general — think of the case when P and Q are the same.) Reading the rule (∀I) backwards, we see that to find an object of type (∀x:X).(P ⇒Q) it is sufficient to find an object in (P ⇒Q) assuming we have an x in X. To find an object of type (P ⇒Q) it is enough to find an object of type Q assuming an object of type P (as well as the object of type X we assumed earlier). Building the proof tree backwards we have

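$$
\dfrac{
  \dfrac{?? : Q}{\lambda p_P.\,?? : (P \Rightarrow Q)}\ (\Rightarrow I)
}{\lambda x_X.\,\lambda p_P.\,?? : (\forall x:X).(P \Rightarrow Q)}\ (\forall I)
$$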

There are constraints on the form of proof of ?? here. We can only introduce a universal quantifier or an implication abstracting over the variable y, say, in the case that y is free only in the assumption discharged. How are we to infer Q? Proceeding from the assumptions we have

$$\dfrac{x:X \qquad p:P}{(x, p) : (\exists x:X).\,P}\ (\exists I)$$

and then by modus ponens, we have

$$\dfrac{x:X \qquad p:P}{(x, p) : (\exists x:X).\,P}\ (\exists I) \qquad\qquad e : ((\exists x:X).\,P) \Rightarrow Q$$

Putting the parts together, and replacing the unknown terms ?? with actual values, we have

$$
\dfrac{
  \dfrac{
    \dfrac{
      \dfrac{[x:X]^2 \qquad [p:P]^1}{(x, p) : (\exists x:X).\,P}\ (\exists I)
      \qquad e : ((\exists x:X).\,P) \Rightarrow Q
    }{e(x, p) : Q}\ (\Rightarrow E)
  }{\lambda p_P.(e(x, p)) : (P \Rightarrow Q)}\ (\Rightarrow I)_1
}{\lambda x_X.\,\lambda p_P.(e(x, p)) : (\forall x:X).(P \Rightarrow Q)}\ (\forall I)_2
$$

The first abstraction, over p, is legitimate as p is free in none of the other assumptions, and the second is OK as there is only one active assumption at this stage. Note, however, that we cannot discharge the assumptions in the opposite order, since x will in general be free in P and thus in the assumption p : P.

How does the converse proof proceed?

To find a proof of an implication, we proceed with an assumption of the antecedent formula, in this case p : (∃x:X). P, and try to find ?? : Q. Proceeding forward from the assumption p, we have

$$\dfrac{p : (\exists x:X).\,P}{\mathit{Snd}\ p : P[\mathit{Fst}\ p/x]}\ (\exists E'_2)$$

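Using the other assumption, which is e : (∀x:X).(P ⇒Q), we can match the hypothesis of this implication with P[Fst p/x] by universal elimination

$$
\dfrac{
  \dfrac{p : (\exists x:X).\,P}{\mathit{Fst}\ p : X}\ (\exists E'_1)
  \qquad e : (\forall x:X).(P \Rightarrow Q)
}{(e(\mathit{Fst}\ p)) : P[\mathit{Fst}\ p/x] \Rightarrow Q}\ (\forall E)
$$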

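Note that in the conclusion we have Q and not Q[Fst p/x], since we have assumed that x is not free in Q, and we noted that Q[t/x] ≡ Q (for any t) in such a case. We now apply implication elimination, and complete as above.

$$
\dfrac{
  \dfrac{
    \begin{array}{c} [p : (\exists x:X).\,P]^1 \\ \vdots \\ \mathit{Snd}\ p : P[\mathit{Fst}\ p/x] \end{array}
    \qquad
    \begin{array}{c} [p : (\exists x:X).\,P]^1 \\ e : (\forall x:X).(P \Rightarrow Q) \\ \vdots \\ (e(\mathit{Fst}\ p)) : P[\mathit{Fst}\ p/x] \Rightarrow Q \end{array}
  }{(e(\mathit{Fst}\ p))(\mathit{Snd}\ p) : Q}\ (\Rightarrow E)
}{\lambda p.((e(\mathit{Fst}\ p))(\mathit{Snd}\ p)) : ((\exists x:X).\,P) \Rightarrow Q}\ (\Rightarrow I)_1
$$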

Is there a functional interpretation of the equivalence we have seen above? If we consider the case in which P does not contain x free, we have the types

These two function spaces give two different representations of binary functions. In the first, the function takes a pair of arguments, of type (X∧P), to a result of type Q. The other representation, which is often called the curried form in honour of Haskell B. Curry, the λ-calculus pioneer, makes the function higher order. By this we mean that on being passed an argument of type X, the function returns a function of type (P ⇒ Q) which expects an argument of type P, the second half of the pair. (We often call the first representation the uncurried form, in contrast to the latter.)

The pair of functions we derived above can be seen to map from one function representation to another.

λxX. λpP.(e(x, p))

takes separately the two arguments x and p, forms a pair from them and applies the uncurried function e to the result. Conversely,

λp .((e(Fst p))(Snd p))

takes a pair p as argument, and splits the pair into its components Fst p and Snd p, and applies the curried function e to the two halves one at a time.

The functions perform a similar function in the general case that P depends upon x, and we deal with dependent sum and product types.
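The three proof objects derived in this section, transcribed into Lean 4 as an added example that is not part of the original text. It assumes the page's ∃ with projections Fst and Snd is modelled by Lean's `Sigma` type; the names `depS`, `currySigma` and `uncurrySigma` are chosen here.

```lean
universe u v w

-- λr.λp.λx.(r x)(p x) : (∀x:A).(B ⇒ C) ⇒ (∀x:A).B ⇒ (∀x:A).C
def depS {A : Type u} {B : A → Type v} {C : A → Type w}
    (r : (x : A) → B x → C x) (p : (x : A) → B x) : (x : A) → C x :=
  fun x => (r x) (p x)

-- When B and C do not involve x, depS is the ordinary S combinator:
-- (A ⇒ (B ⇒ C)) ⇒ (A ⇒ B) ⇒ (A ⇒ C)
example {A B C : Type} : (A → B → C) → (A → B) → A → C :=
  fun r p => depS r p

-- λx.λp.(e (x, p)) : from ((∃x:X).P) ⇒ Q to (∀x:X).(P ⇒ Q)
-- Q is a plain type, i.e. x is not free in Q.
def currySigma {X : Type u} {P : X → Type v} {Q : Type w}
    (e : Sigma P → Q) : (x : X) → P x → Q :=
  fun x p => e ⟨x, p⟩

-- λp.((e (Fst p)) (Snd p)) : the converse direction
def uncurrySigma {X : Type u} {P : X → Type v} {Q : Type w}
    (e : (x : X) → P x → Q) : Sigma P → Q :=
  fun p => (e p.fst) p.snd

-- The two maps are mutually inverse, so the two formulae are
-- not merely equivalent but isomorphic as types.
theorem curry_uncurry {X : Type u} {P : X → Type v} {Q : Type w}
    (e : (x : X) → P x → Q) : currySigma (uncurrySigma e) = e := rfl

theorem uncurry_curry {X : Type u} {P : X → Type v} {Q : Type w}
    (e : Sigma P → Q) : uncurrySigma (currySigma e) = e :=
  funext fun ⟨_, _⟩ => rfl
```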

Exercises

4.12. Give a derivation of a proof object of the formula (∃x:X).¬P ⇒ ¬(∀x:X). P

Would you expect the reverse implication to be derivable?

4.13. Show that the formulas (∀x:X).¬P and ¬(∃x:X). P are equivalent by deriving two functions mapping each into the other.

4.14. Derive an object of type

(∀x:X).(A⇒B)⇒((∃x:X). A⇒(∃x:X). B)

What is this formula in the case that A and B are independent of the variable x?

4.15. Derive an object of type

(∃y:Y).(∀x:X). P ⇒(∀x:X).(∃y:Y). P

where in general P will contain x and y free. Under what circumstances can you derive an object of the converse type?

(∀x:X).(∃y:Y). P ⇒(∃y:Y).(∀x:X). P

Can you give a simpler reading of the formula in cases when P does not contain both x and y free?
